Typically, in a content management system and in other contexts in which access to electronically stored content is restricted, a user (individual, system, application, process, etc.) is permitted to access a content item if the user is included, individually or by virtue of membership in a group, in an “access control list” (ACL) associated with the content item. Typically, the ACL specifies a level of access to be allowed, e.g., by specifying a type of permit selected from a set of predefined options, such as “browse”, “read”, “write”, and “delete”.
In some contexts, however, it may be necessary and/or desired to control access in other and/or additional ways. For example, it may be desirable to use an ACL to restrict and/or grant an access right not contemplated by or included in any of the predefined permits, such as the ability to “print” a document, or “play” multimedia content, or “export” content to another destination/format.
Therefore, there is a need for an effective way to define and enforce access and use restrictions in a manner not provide for by a set of predefined access permits.